Temporal Security for Controlled Access Systems

ABSTRACT

An apparatus for authenticating a user to gain access or entry. A correct final time interval count is associated with execution of a secure system act; it is revealed to or known by the user prior to ending the secure system act. A counter determines a final time interval count representing a number of time intervals from the beginning to the end of the secure system act. A validation unit validates the user as a valid user if the secure system act matches a correct secure system act and the final time interval count matches a correct final time interval count. If both determinations are affirmative the validation unit produces an authentication signal. In turn a control unit generates a control signal that permits access or entry to the user.

CROSS REFERENCE TO RELATED APPLICATION

The present application is a divisional application of and claimspriority to patent application Ser. No. 14/207,384 filed on Mar. 12,2014 and entitled Temporal Security for Controlled Access Systems, whichfurther claims priority to the provisional application filed on Mar. 12,2013, assigned application No. 61/777,679 and entitled Secure TimelessIdentities. Both applications are incorporated herein in their entirety.

FIELD OF THE INVENTION

The invention generally relates to the protection of secure systems.These secure systems have security features that attempt to controlaccess to the system. The secure systems can be physical, mechanical,electrical, software, or otherwise.

BACKGROUND OF THE INVENTION

In today's society, lack of security has become an increasing problem.Inadequate security can result in large financial losses. Providingsecurity to known and unknown threats in physical and virtual spaces isimportant as we record information and lead our daily lives.Unfortunately, society appears to be progressing forward without concernfor the consequences of some of its decisions.

Thus, there is a need for improved security without creating asignificant burden on the user. The invention is directed to apparatusesand methods for improving system security that are not burdensome to alegitimate user, but are difficult for intruders to successfullynavigate. Furthermore, many times secure systems must be protectedagainst automated attacks, eavesdroppers, and others attempting to gainillegitimate entry. For example, automated attacks are able to attemptpassword permutations at a much faster rate than a human can.

Three authentication components that are commonly used to protect securesystems are, “What you know,” “What you have,” and “What you are.”

“What you know” is the most common form of authentication and in theprior art more security is provided by increasing the possiblepermutations or to add additional authentication steps. With computingpower continually increasing these techniques provide marginal increasesin security, as computers can execute millions of passwords per secondwhere a human normally takes a second or so to enter a single password.

“What you know” is information that the user knows, such as a password,that others do not know. Authentication systems that fall into the “Whatyou know” category include but are not limited to: alphanumericpasswords, Completely Automated Public Turing Test To Tell Computers andHumans Apart (CAPTCHA), personal identification numbers (PINs),patterns, gesture, images, movement(s), spoken passwords, passwords ingeneral, and others familiar to those skilled in the field.

“What you have” is a physical object that you possess, such as aphysical key. Authentication elements in the “What you have” categoryinclude but are not limited to: a smart key, a physical key, an RFID(Radio Frequency Identification) key, an NFC (Near Field Communication)key, a USB (a key in the form of a plug-in for a Universal Serial Bus),and others familiar to those skilled in the art.

“What you are” is a user's physical characteristics, such as biometrics,fingerprints, retina scans, etc. Authentication systems in the “What youare” category include but are not limited to: biometrics, fingerprints,voice patterns, voice passwords, retina scans, facial recognition,pressure, weight, and others known by those skilled in the art.

Secure systems require a key, digital, electronic, mechanical orotherwise, to gain entry or access. Methods for gaining access to asecure system are referred to herein as a secure system act. In theprior art a single secure system act or a combination of secure systemacts are required to gain access to the secure system. Any number ofsecure systems acts can be required to gain access to a secure system.The present application describes each secure system act individually,recognizing that multiple secure system acts may be required to gainaccess.

A password is typically a sequence of alphanumeric characters. Entry ofone or more passwords is a common secure system act for gaining entry toa secure system, such as a computer. Alphanumeric character passwordscan also serve as a key to a form of encryption. That is, cryptographickeys can be protected using alphanumeric keys. The most common interfacefor entering an alphanumeric password is a keyboard, although it isknown that there are many other input devices for entering a password. Asecure system act can also comprise a username plus a password, i.e., a2-tuple secure system act. Then only a known correct username/passwordcombination allows entry to the secure system.

The alphanumeric password is a “what you know” element and only thepersons authorized to access the system know this password. Forinstance, CAPTCHA is a form of an alphanumeric password where thealphanumeric password is displayed so that the persons authorized foraccess to the system should be able to read it. The user then enters theCAPTCHA password and gains entry. But a computer-based sensor cannotaccurately read the CAPTCHA password and therefore will not gain entryto the system.

An alphanumeric password may consist of numbers, such as a PIN password.PIN passwords are commonly entered on physical keypads but entry is notlimited to only physical keypads. For instance, an algorithmicallygenerated PIN, such as those used in RSA tokens, is displayed. The userthen enters the displayed PIN password to gain access to the securesystem.

Pattern passwords e.g., gestures, spoken words and movements, areanother common form of authentication to gain access to a secure system.The pattern can be, but is not limited to, moving an interface devicesuch as a joystick in a pattern, tracing or drawing an image, signing asignature, or moving a finger in a certain pattern. The patterns areknown only to the user and thus a pattern password is considered a “whatyou know” element.

Some common interface devices for entering a pattern password include atouch screen, such as those found on mobile devices and touch screenmonitors, joysticks, controllers, keyboards, and number pads. This listis meant to be representative and it is understood that there are otherforms of entering a pattern password.

Pattern passwords can have a discrete or variable number of possibleentries. For instance, mobile devices can be protected with nine proxypoints that the user's movement is mapped to. Each proxy point can onlybe activated once, meaning a pattern password has a discrete number ofpossible entries; for example a nine proxy point system has 362,880discrete entries. Another common interface for entry of a discretepattern password is a numeric keypad; where there are ten proxy pointsthat can be used any number of times, with a limit on the patternpassword length. Other common “What you know” pattern authenticationelements are known by those skilled in the art.

Another common way to restrict access to a secure system requires aspecific physical device, “What you have”, such as physical key. Themost common physical security key is a physical key for insertion into akeyhole. In one common implementation of a physical key system the userinserts the key into the keyhole and then turns it to gain access to thesecure system or space. Other common “what you have” authenticationelements include, but are not limited to, smart keys, NFC keys, audiokeys, RFID keys, embedded chips/identifiers, credit/debit cards,physical keys, and USB drives. A “What you have” authentication processassumes that only the persons authorized for access to the secure systemhas the physical key.

Biometrics, “what you are,” is another common element for restrictingaccess to a secure system. A common biometric is the fingerprint. Thefingerprint is read by a scanner to determine if the user is authorizedfor accessing the secure system. Other common biometrics include but arenot limited to, voice patterns, retina scans, and facial recognition.

Any secure system act can be combined with other secure system acts tomake the authentication process more secure. For instance, a commontwo-element authentication process prompts the user to enter hisusername and password then a text is sent to his mobile device. The textcontains a PIN that the user must enter next. Also, a credit/debit cardrequires use of a physical card as well as entering the associated PINor billing zip code.

Providing security to known and unknown threats is important as more ofpersonal and private information and data about each of us is stored insystems that are expected to be secure. We also trust our livelihood andsafety to systems such automobiles, cryptography, infrastructure, andphysical locks.

BRIEF DESCRIPTION OF THE DRAWINGS

The following detailed description will be further understood when readin conjunction with the appended drawings. For the purpose ofillustrating the invention, there are shown in the drawings exemplaryembodiments of the invention; however, the invention is not limited tothe specific methods, compositions, and devices disclosed. In addition,the drawings are not necessarily drawn to scale. In the drawings:

FIG. 1 illustrates elements of a key that includes a time sensitivepassword.

FIG. 2 illustrates general steps for gaining access to the securesystem.

FIG. 3 illustrates an embodiment using an alphanumeric password forgaining access to the secure system.

FIG. 4 illustrates an embodiment using a biometric password for gainingaccess to the secure system. Error! Reference source not found.

FIG. 5 illustrates an embodiment using a facial recognition password forgaining access to the secure system.

FIG. 6 illustrates an embodiment using a gesture password for gainingaccess to the secure system.

FIG. 7 illustrates an embodiment using an alphanumeric sequence forgaining access to the secure system.

FIG. 8 illustrates an embodiment using a movement password for gainingaccess to the secure system.

FIG. 9 illustrates an embodiment using a pattern password for gainingaccess to the secure system.

FIG. 10 illustrates an embodiment using a physical key for gainingaccess to the secure system.

FIG. 11 illustrates an embodiment using a PIN password for gainingaccess to the secure system.

FIG. 12 illustrates an embodiment using a sensor based password forgaining access to the secure system.

FIG. 13 illustrates an embodiment using a smart key for gaining accessto the secure system.

FIG. 14 illustrates an embodiment using a spoken password for gainingaccess to the secure system.

FIG. 15 illustrates a transaction dependent protection (TDP) 3-tuplekey.

FIG. 16 illustrates an exemplary TDP layout on a display screen.

FIGS. 17-19 illustrate sequential TDP entry steps as displayed on adisplay screen.

FIG. 20 illustrates the information sent to a validation unit forauthenticating a user to gain entry/access.

FIG. 21 illustrates an exemplary TDP layout for a pattern password.

FIGS. 22-24 illustrate exemplary predictive security applications for anembodiment of the present invention.

FIG. 25 illustrates a physical key embodiment of the present invention.

FIG. 26 illustrates the elements of a secure system according to oneembodiment of the invention.

DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS

The present invention may be understood more readily by reference to thefollowing detailed description taken in connection with the accompanyingfigures and examples, which form a part of this disclosure. It is to beunderstood that this invention is not limited to the specific devices,methods, applications, conditions or parameters described and/or shownherein, and that the terminology used herein is for the purpose ofdescribing particular embodiments by way of example only and is notintended to be limiting of the claimed invention.

Also, as used in the specification including the appended claims, thesingular forms “a,” “an,” and “the” include the plural, and reference toa particular numerical value includes at least that particular value,unless the context clearly dictates otherwise. The term “plurality”, asused herein, means more than one. When a range of values is expressed,another embodiment includes from the one particular value and/or to theother particular value. Similarly, when values are expressed asapproximations, by use of the antecedent “about,” it will be understoodthat the particular value forms another embodiment. All ranges areinclusive and combinable.

It is to be appreciated that certain features of the invention whichare, for clarity, described herein in the context of separateembodiments, may also be provided in combination in a single embodiment.Conversely, various features of the invention that are, for brevity,described in the context of a single embodiment, may also be providedseparately or in any sub-combination. Further, references to valueswithin a stated range include each and every value within that range.

When ranges are used herein for physical properties, such as molecularweight, or chemical properties, such as chemical formulae, allcombinations, and sub combinations of ranges for specific embodimentstherein are intended to be included.

The disclosures of each patent, patent application, and publicationcited or described in this document is incorporated herein by referencein its entirety.

Those skilled in the art will appreciate that numerous changes andmodifications can be made to the preferred embodiments of the inventionand that such changes and modifications can be made without departingfrom the spirit of the invention. It is, therefore, intended that theappended claims cover all such equivalent variations as fall within thespirit and scope of the invention.

The disadvantages associated with today's secure systems acts are knownand several have been described above. The performance of secure systemacts (e.g., entry of a password) according to a determined timeinterval, as described herein, provides an increased level of securitywithout adding a significant burden to the user. By tracking informationthat is readily available, i.e., a time component of the secure systemact, access is made more secure. Additionally, differences betweenhumans and computers to gain access to secure systems are highlighted byforcing the computer to spend as much time on each secure system act asa human would spend.

Transactions and authenticated access are made secure through the use ofkeys (e.g., passwords, gestures). Many keys have multiple components orelements that must be determined to be correct to gain access to asecure system. The novel approach described herein is referred to astransaction dependent protection (TDP) where the protection is providedby a time-sensitive secure system act, i.e., comprising both a securesystem act and an associated time interval (or in another embodiment, atime duration) for accomplishing the act.

The time sensitive component (i.e., a time duration to complete the actor the time interval during which the act is completed) may vary aselements of the secure system act are entered. That is, one element of asecure system act may generate a time interval of one or more otherelements of the secure system act.

In the embodiment associating a time interval with completion of thesecure system act, the duration of each time interval may be identicalor each time interval may have a different duration. Further, each timeinterval is assigned a numeric value. The secure system act must becompleted within a given duration, but herein the duration is measuredby time intervals. For example, if the secure system act is to becompleted in 10 seconds (i.e., the duration for completing the securesystem act is 10 seconds) and each time interval is 1 second long, thenthe secure system act must be completed during the 10^(th) timeinterval. Thus “10” is the identifier of the time interval (alsoreferred to as a time interval identifier) during which the securesystem act must be completed.

In one embodiment the time interval for completing the secure system actis set by the user entering a password multiple times, determining theamount of time for each entry of the password, then averaging the timevalues. The result of the averaging process, which is the time duration,is transformed to a time interval identifier, where the time intervalidentifier is a numeric value.

Also, the time interval identifier can be set through machine learningbased on the length of time the user takes to complete the secure systemact. A combination of the secure system act and the time intervalidentifier for performance of that act comprises a unique signature orkey to gain access/entry.

As described in FIG. 1 the TDP comprises a secure system act and a timeinterval identifier associated with that act. If the act is completedduring the associated time interval the user is granted access to asecure system. The secure system act plus the time interval componentprovides a more secure system.

Before access is granted to the secure system the user must successfullystart, perform, and complete the secure act. Secure access today, suchas turning a key in a door lock, entering a password, etc. does notinclude a time component that is part of the process to gain access tothe secure system. This invention adds the time component, whichprovides increased security, in particular against automatedcomputer-based intrusions.

An automated attempt to gain access must take the same amount of time toperform the secure act that a person/user would take to perform the sameact. Thus the invention slows each automated attempt to the speed of auser. Use of the time interval component attacks the greatest strengththat computers have, versus humans, when trying to gain (unauthorized)entry to a secure system.

Computers process password permutations/combinations and computations ata much higher rate that humans For instance, keystroke loggers captureeach key that has been struck but they do not capture the time of eachentry. Prior to the current invention the key strokes identified by akeystroke logger would have been sufficient to gain access to the securesystem. According to the invention even if a time sensitive secure actis observed by a hacker, the hacker must also capture the time durationof the act as well as the secure system act itself, to gain access.

For instance, physical locks are often “picked” by using a jumbler thatbounces the pins within the lock. While the pins are jumbling pressureis applied to the door handle so that as soon as the tumblers align thehandle turns and access is gained. A time sensitive physical lock, whenimplementing the features of the current invention, prevents this formof attack by requiring the pins to be aligned for a predetermined timebefore the handle can be turned to gain entry.

The secure system act is defined by an operation that begins the act(i.e., a starting or beginning component) and an operation that ends theact (an ending component or act).

Exemplary Operations that Can Begin a Secure System Act

Non-limiting examples of operations that can be used to begin a securesystem act include:

-   -   Full insertion of a physical key into a keyhole    -   Holding a physical key near the keyhole    -   Turning the key within the keyhole    -   Non-nulling of a data entry field    -   Clicking into an entry field.    -   Tabbing into an entry field.    -   Placing a finger onto a touch screen.    -   Placing a finger onto a fingerprint reader.    -   Moving a joystick or controller.    -   Placing an eye in front of a retina scanner.    -   Touching the first number in a PIN entry.    -   Making an audible noise, such as saying a word or speaking.    -   Holding a NFC enabled phone, device, card or otherwise within        range of a NFC reader.    -   Placing a device into a computer, such as a YubiKey.    -   Showing a tattoo to a reader.    -   Showing a device within or on a person within a certain distance        from a reader.    -   Extracting information from something on or within a person.    -   Moving to start a movement password or otherwise.    -   When a user begins a certain action for a second time, resetting        the time component and moving from the body of the act to the        start of the act.

The operations set forth above are exemplary operations that begin asecure system act. In general, these beginning operations mark theuser's start of interaction with the secure system or a validationsystem associated with the secure system. One skilled in the field canidentify other operations that begin or represent a secure system act.

Exemplary Operations that Comprise a Secure System Act

Once the secure system act has begun, any of the following non-limitingoperations can comprise a secure system act.

-   -   When an alphanumeric password or PIN is used, rendering the        field as a non-null field, i.e., making an entry    -   Tracing a shape on the screen or keyboard    -   Speaking    -   Providing a physical device to a system    -   Continually engaging a physical device (e.g., a key) with a        system    -   Providing a biometric to a system    -   Continued interaction with the interface that is recording        information    -   Any user interface with a system between the start of the secure        system act and end of the act can define the secure system act.

These are just a few exemplary secure system acts. In general the securesystem act comprises the user's interaction with the secure system or avalidation system associated with the secure system. One skilled in thefield can identify other types of operations that comprise a securesystem act.

Exemplary Operations that Can End a Secure System Act

Examples of operations that can end a secure system act include:

-   -   A physical key being turned or pulled out of the keyhole etc.    -   When the entry field is made null.    -   When the user resets the secure system act attempt. For        instance, the user could clear the alphanumeric password attempt        or perform an act that is considered a start of a secure system        act.    -   A click off of the entry field.    -   Tabbing out of the entry field.    -   Pulling a finger away from the touch screen.    -   Removing a finger from a fingerprint reader.    -   Removing an eye from a retina scanner.    -   Touching the last number in a PIN entry.    -   Submitting/entering/clicking enter/submit/deactivate. For        example this could be done after entering an alphanumeric        password or PIN.    -   Making a noise such as saying a word or speaking.    -   Removing the NFC enabled phone, device, card or otherwise from        range of a NFC reader.    -   Removing a device from a computer such as a YubiKey.    -   Showing a tattoo to a reader or moving out of range from the        reader that reads a device that is within or on a person, or        otherwise taking information from something on or within a        person.    -   Removing a tattoo from a reader, or moving out of the reader's        range so that the reader cannot read a device within or on a        person, or otherwise removing information from something on or        within a person    -   Moving to start the movement password or otherwise.    -   Completing the movement/pattern/picture password, hitting a        certain number of correct points, saying/clicking/gesturing/or        otherwise indicating that the attempt is complete.    -   Submission, clicking off, pressing enter, tab, deactivation,        completing the valid secure system act alone could end the act        etc.

These are just a few examples of operations that can end a secure systemact. In general the ending operation denotes the time intervalassociated with the secure system act. One skilled in the field couldidentify other operations for denoting the end of a secure system act.

Time Interval Counter or Component for Determining a Time Interval

Using time interval identifiers, an interval counter counts the numberof time intervals (where each interval is measured in seconds, forexample) that have elapsed during execution of the secure system act.The intervals may be correlated to real time or fixed or approximatetime intervals, computer cycles, etc. A timer/counter can be electricalor mechanical.

A validation unit determines if the secure system act was completedwithin the associated time interval. If both the act and its completionduring the associated time interval are correct, the user gains accessor entry to the secure system.

One embodiment supplies the validation unit with only the time intervalcount when the secure system act has ended. Another variation records orsends the time interval information to the validation unit each time thetime interval count changes. In the latter case the time intervalcounter continues incrementing/counting until the secure system act hasbeen completed.

The time interval counter can also be reset during a secure system act.The reset may occur, for example, if the secure system act is restarted.For instance, if the start of the secure system act is to make the fieldnon-null, if the user rendered the field null a second time, the timeinterval counter resets such that when the secure system act isrestarted the time interval counter also restarts.

Each time the temporal interval count changes the information entered bythe user during the previous interval can be input to the validationunit with an identifier for the interval during which it was entered.Alternatively, a change between the current and past temporal intervalcounts can be sent to the secure system.

In one embodiment the time interval component of the invention comprisesone or more time intervals that are tracked using a time intervalidentifier. Each time interval can be independent of or dependent on theother time intervals and time-sensitive password attempts.

The time intervals can be tracked mechanically, electrically, orotherwise.

Some exemplary techniques for determining the time intervals are setforth below. They are merely representative examples and are not meantto be exhaustive. Those skilled in the art will appreciate that otherimplementations for determining the time intervals are also possible.

-   -   Each time increment within a time interval can have the same        predetermined fixed duration. An example of this implementation        is a time duration of one second.    -   Each time increment can be randomly generated. Examples of this        implementation include, but are not limited to: the user types a        password multiple times and the computer determines that it        takes the user an average time to complete entry. Then using the        average, the validation system generates a time interval that        becomes part of the entry key.    -   The duration of each time interval is random, but the sum of the        time durations is a fixed value.    -   The time duration of all intervals are random and the user must        wait until a time interval identifier appears on a display        screen visible to the user. Once displayed the user knows that        the time component of the entry/access key is active and the        user must execute the proper operation to end the secure system        act within that interval.    -   Time durations can be dynamically allocated. An example is the        user failing to complete the secure system act in the proper        time interval. For the next attempt the user is allocated a        longer time interval to complete the act. This is an example of        a dynamically allocated time interval based on past entries. The        intervals can also be dynamically allocated based upon current        information such as a slower typing pattern/speed than normal or        the use of numerous backspace strokes. Notwithstanding any        dynamic change in the allotted time duration to execute the        secure system act (where the allotted time duration is        represented by a time interval identifier) the user must        complete the secure system act within the currently designated        time interval.    -   The user can define the time duration. The user could say time        interval one has a duration of a tenth of a second, interval two        a duration of half a second, interval three a duration of a        second, etc. Thus each time interval may have a different        duration and the user can select the duration of one or more of        the time intervals. Further, one of these time intervals is        selected as the proper time interval within which to complete        the secure system act.    -   The computer can generate a time duration for each time interval        randomly or based on past user entries.    -   The computer displays a time interval identifier that the user        must consider as an element of password entry. For example, for        a CAPTCHA implementation, the system provides a CAPTCHA password        to the user in a form that a computer cannot easily read, but a        human user can easily read. CAPTCHA also provides an interval        identifier, which is a component of the secure system act.        CAPTCHA may display “B408MT//7”, where “B408MT” is the password        and the user must wait until a “7” appears in the time interval        region of the display, and when the “7” appears the user must        end the secure system act to gain access/entry.    -   The time durations can be defined algorithmically. The durations        may increase or decrease. For example, the time interval        duration can be equal to the interval number divided by three        plus ten.    -   The time intervals can be unknown and not displayed to the user.        The first time interval may have a duration of a tenth of a        second and the second time interval an infinite length.

These are just a few examples of techniques for establishing the timeinterval component of the time sensitive password for a secure systemact.

The time component of the secure system act according to the presentinvention comprises time intervals that are tracked by time intervalidentifiers. These time interval identifiers may displayed to the user,but this is not necessarily required. If displayed, the time intervalidentifier can be displayed to the user visually, auditory, by hapticfeedback, or otherwise. The below examples are representative and notmeant to be exhaustive as one skilled in the art will understand thatother implementations are possible.

-   -   Time interval identifiers can be visually displayed with a        conventional measure of time, seconds, etc.    -   Time interval identifiers can be visually displayed with a        numeric count.    -   Time interval identifiers can be visually displayed with an        alphanumeric character string.    -   Time interval identifiers can be visually displayed using a        color, colors, patterns, images or otherwise.    -   Time interval identifiers can be displayed using an auditory        mechanism, such as a constant sound throughout a time interval,        a sound at the transition of time intervals, a pattern of sounds        or otherwise.    -   Time interval identifiers can comprise a haptic feedback        mechanism such as a vibration, a vibration pattern during a time        interval or at transitions, such as when a user inserts a        physical key into a door.

The time interval identifiers do not need to be displayed to the userand the user does not need to know the time interval. The time intervalidentifier can be stored by the secure system, computer, electronically,physically, mechanically, or otherwise. Thus the invention comprises twodifferent embodiments one in which the time interval identifier isdisplayed to the user and another in which the time interval identifieris not displayed to the user.

In a first embodiment the time interval comprises in effect two timesubintervals. The first subinterval is less than a second in length andthe second subinterval is infinite in length. According to thisembodiment an automated attempt to gain access by a computer system willfall into the first time interval and fail because the duration of thecomputer access attempt will be less than one second. The secure systemact will have been completed before the second subinterval has begun.Since access/entry is gained only when the secure system act has beencompleted within the second subinterval (where the time interval ofinterest is in fact the sum of the first and second subintervals)access/entry is denied.

But a human user's attempt will fall into the second subinterval (ahuman user cannot execute any secure system act in less than one secondand thus the first time subinterval will have expired) and will besuccessful since the second subinterval is of infinite duration.

According to a second embodiment, the time interval is selected based onthe user's consistent, i.e., always taking about the same time duration,execution of the secure system act.

FIG. 1 illustrates the components of a time-sensitive password system(or TDP) of the present invention. Execution of the secure system actcomprises an element 101 and the time interval identifier for completingthe secure system act comprises an element 102. The time intervalidentifier is the time component associated with the secure system act.That is, the secure system act must be completed within the timeinterval identified within the element 102.

In one embodiment the invention derives its secure features based on thenumber of time intervals between the start of the secure system act andthe beginning of the valid time interval (where the time intervalidentifier denotes the valid time interval). The greater number of timeintervals between these two events, the more secure the system. That is,an intruder will need to complete the secure system act within each timeinterval (where each time interval may also be considered a time bin) asthe intruder attempts to gain entry/access. Of course, the intruder mustknow beforehand that to gain access/entry the secure system act includesa time component.

On the first attempt the intruder will complete the secures system actduring the first time interval, then on the second attempt during thesecond time interval, etc. More bins or intervals between the beginningof the secure system act and the valid time interval suggests that theintruder will take a longer time to gain access. This extended time togain longer time effort is generally sufficient to discourage furtherattempts to gain access, especially for automated intruder attempts.

FIG. 1 depicts a more complex and secure key than known in the priorart. The components of the key may or may not be sent together or to thesame location for validation.

FIG. 2 illustrates the steps associated with granting access once thekey has been entered at a step 201. The key is then transmitted to avalidation system, step 202, where it is validated, step 203. Oncevalidated a notification of secure system entry, step 204, is deliveredto the user and access is granted or denied.

The time sensitive password can be stored locally then transmitted ortransmitted then stored. Information intended for the secure system canbe transmitted during the secure system act, withheld until the end ofthe secure system act, or otherwise. If access is not granted the usercan be notified of the failure to gain entry.

The time interval identifiers, which may or may not bedisplayed/portrayed to the user, and do not need to necessarily directlyindicate the time duration as a numerical value, such as the timeinterval count.

But the time interval identifier can be mapped to a specific color or aspecific picture, where the specific color or picture represents aspecific time interval to the user. The user sees the displayed color orpicture and must complete the secure system act within the time intervalassociated with the displayed color.

Time intervals can be displayed to the user to assist with execution ofthe time sensitive secure act. For instance, if a user completes thesecure system act properly but is denied entry, the time intervalidentifier is displayed to the user to permit them to understand whythey were denied entry. That is, entry was denied because the timeinterval component associated with the user's performance of the secureact did not match the stored time interval identifier associated withthe secure system act.

In another embodiment the time interval identifiers is mapped to anotheraction. For example, a sequence of colors is displayed to the user, whomust complete his secure system act in the time before or when theproper color is displayed. Of course, in this example as well as otherspresented herein, the secure system act and the time interval must bothbe validated as correct before entry to the secure system is granted.

In one embodiment if information is sent during the secure system acteach time interval identifier must have the proper portion of the securesystem act tied to it. Each portion of the secure system act and itscorresponding time interval identifier must be correct.

FIG. 3 illustrates more detailed steps associated with the presentinvention. A secure system is protected by a secure system act, which inthis case is an alphanumeric password. To gain access to the system, theuser must enter the alphanumeric password through an interface. The usermay have previously entered their username in response to a prompt. Thecorrect alphanumeric password and the correct time component arerequired to gain access to the secure system. The time component can bepresented to the user by the time interval identifier or it can behidden from the user. Whether or not the time interval identifiers aredisplayed to the user, the time interval component for the secure actmust be correct to gain access to the secure system.

The user starts the secure system act at step 301. Common techniques forbeginning the secure system act are described elsewhere herein. Oncebegun, the user enters the alphanumeric password and the system beginscounting time intervals.

The user enters their alphanumeric password at a step 302.

As each time interval ends the next one begins (step 303). Each timeinterval has an identifier. Each time interval may have the sameduration, varied, algorithmically defined, random, dynamic,user-defined, as further described elsewhere herein. The identifier mayor may not be presented to the user. In those embodiments where the timeinterval identifier is not presented to the user, the time intervalidentifier is still used as an element of the key with the alphanumericpassword to gain access.

The user ends the secure system act at a step 304. There are a number ofways to end the secure system act and these have been describedelsewhere herein. When the secure system at has ended, the systemcaptures the current time interval identifier as the final timer timeinterval identifier. See a step 305.

The entered alphanumeric password and the final time interval identifiertogether comprise the key that allows entry into the system. Thecomponents of the key may or may not be sent together or to the samelocation for validation. See a step 306.

Both the alphanumeric password and the final time interval identifiermust be correct/accepted for the key to be accepted. If both are correctand accepted entry to the secure system is validated and approved at astep 307.

After validation the user is notified that access has been granted tothe secure system. See a step 308.

FIG. 4 illustrates more detailed steps associated with an embodiment inwhich a user's biometric characteristic(s) or biometric password servesas a secure system act. Biometric passwords are provided to a biometricsensor that determines if the presenting person is allowed or deniedaccess. There are many ways for the user to start and end the securesystem act when using a biometric password. For instance, the user canbegin a biometric password when using a fingerprint reader by simplyproviding their finger to a sensor. The end of the biometric passwordcan be defined as the act of removing their finger from the sensor. Theproper biometric and the proper time interval are both required to gainaccess to the secure system. Generally, the steps set forth in FIG. 4mirror those of FIG. 3, except for the nature of the secure system act,and need not be discussed further herein.

FIG. 5 illustrates steps associated with a secure system act comprisinga facial recognition password. Both the facial recognition password andthe correct time interval component are required to gain access to thesecure system. In this case the facial recognition device must determinewhether the presented facial characteristics match the facialcharacteristics of one who is permitted access to the secure system.Further, one of the “ending” operations described elsewhere hereinrepresents the end of the secure system act.

FIG. 6 illustrates more detailed steps associated with the presentinvention in an embodiment where the secure system act comprises agesture password. The gesture and the time interval component arerequired to gain access to the secure system.

FIG. 7 illustrates more detailed steps associated with an embodiment ofthe present where the secure system act comprises a CAPTCHA, RSA token,or an alphanumeric sequence that is provided to the user for entering asthe secure system act. The provided secure system act and the timeinterval component are required to gain access to the secure system. Inone embodiment the correct time interval identifier could be providedwith the secure system act or otherwise presented to the user. Further,the time component can be presented to the user according to a timeinterval identifier or it can be hidden or encrypted. In eitherimplementation the secure system act must be completed during thecorrect time interval to gain access to the system.

FIG. 8 illustrates more detailed steps associated with an embodiment ofthe present invention using a movement password to gain entry or access.Both the correct movement and the correct time interval are required togain access to the secure system.

FIG. 9 illustrates more detailed steps associated with an embodimentwhere the secure system is protected by a pattern password. The correctpattern and the correct time interval are both required to gainaccess/entry.

FIG. 10 illustrates more detailed steps associated with the presentinvention in which the secure system act comprises a physical key. Togain access/entry to the system the user must supply the physical key.The physical key and the time interval corresponding to the securesystem act (which may be the time duration during which the physical keyis supplied to the secure system) are both required to gain access tothe secure system.

FIG. 11 illustrates an embodiment where the secure system is protectedby a PIN password. The user may present a physical device such as anATM, smart card, debit card or otherwise, prior to being required toenter the PIN password associated with that physical device. Both thecorrect PIN and the correct time interval are required to gain access tothe secure system.

FIG. 12 illustrates more detailed steps associated with an embodimentwhere the secure system is protected by a sensor password, such aspressure, heat, sound or otherwise. To gain access the user must supplythe sensor with the proper feedback, which can be accomplished by asensor interface. The correct sensor input and correct time intervalassociated with the sensor-based secure system act are required to gainaccess/entry to the secure system.

In one embodiment a numerical value for the sensor input (e.g., amountof heat, pressure) is not necessarily relevant, only that the propertype of sensor input is expected. For example, this embodiment can beimplemented on a mobile phone that has NFC capability. The NFC on thephone is then only activated if the user's finger or hand is touchingany region of the touch screen and thereby activates a pressure sensor.According to the present invention, to improve phone security thepressure measurement can include a time interval component. For examplethe user must apply pressure to the touch screen pressure sensor for apredetermined period of time, e.g., 2 seconds. The time intervals arecounted/incremented during application of the pressure. The timeinterval when the pressure is removed (corresponding to the end of thesecure system act) is captured and represents the final time intervalidentifier, which must match the correct time interval identifier forthe user to gain access.

FIG. 13 illustrates more detailed steps associated an embodiment inwhich the secure system is protected by a smart key, such as thoserequired to enter buildings and rooms within buildings as well as carswhich use RFID, NFC, or otherwise to validate that the proper key ispresent. Some keys have active circuitry on them where as others usepassive circuitry. The smart key and the time interval component arerequired to gain access to the secure system.

FIG. 14 illustrates more detailed steps associated with the presentinvention where the access is gained via a spoken password. The spokenpassword and the time interval component are both required to becorrectly validated to gain access to the secure system.

In each of the embodiments illustrated in the foregoing figures, a timeinterval counter begins counting when the secures system act is startedby the user. The counter increments/counts until the secure system actends. At that time the current count value is captured and designated asthe final time interval identifier value. This captured final timeinterval identifier must match the correct final time intervalidentifier (which is another component of the key to gain entry/access)for the user to gain access/entry. That is, the secure system act musthave been completed during the correct time interval to gainentry/access.

There are many techniques for setting the correct time intervalparameter before the user attempts to gain access to the secure system.For example, the correct time interval parameter can be set based on thetime the user takes to enter a password. For this specific example, theuser enters their username and password. As the user is typing thepassword the time interval parameter is displayed and dynamicallychanging (e.g., increasing). The user enters their key combinationmultiple times to ensure that they have set the intended 3-tuple key.The locked system or validation unit knows the key combination requiredto gain access.

The time interval parameter (or TDP parameter) can depend on othercharacteristics of entry such as the pressure applied to the keys duringentry. The TDP parameter does not need to be represented using integernumbers or even by numbers. As described elsewhere a color or symbol canbe used to represent a time interval, where the authorized user knowsthe time interval associated with each color/symbol. When the correctcolor is displayed, the user knows to end the secure system act beforethe next color appears.

FIG. 15 illustrates the user name and password fields of conventionalpassword entry schemes and a field that displays the TDP or timeinterval parameter.

The TDP parameter or time interval parameter is displayed on the rightside of the FIG. 16 and the vertical line represents the user's cursor.The empty prompt screen is displayed while waiting for the user to startentering their user name and password key to gain access or entry.

In FIG. 17 the password entry process has begun as the user has enteredtheir User Name parameter. Entry of the password parameter has not beenstarted and thus the TDP parameter remains at 0.

FIG. 18 depicts the user moving the cursor down to enter the passwordprompt box. As the user moves to enter the password parameter the timeinterval value increases to 1.

FIG. 19 shows completion of the password entry. The user is about toeither click enter key to submit their key or click the “Log In” button.The TDP parameter corresponds to the time interval when password entryhas been completed. In this example the user took between three and fourseconds to enter their password, causing the TDP parameter to displaythe numeral three.

After the log in button has been clicked, FIG. 20 represents thesubmitted information. The system is presented with the submittedinformation (key) (the password and the time interval identifier) and ifit matches the valid key(s) the user gains access to the system.

In the above implementation if the user at any time pressed and held thekeyboard backspace to clear the password field and then pressed thebackspace an additional time the TDP parameter would have been reset.This allows the user to retry entry just as if they had incorrectlyentered their password in the typical username/password 2-tuple system.

Another feature that could be implemented in the above embodimentcomprises an alternate valid TDP parameter. This alternate parameterallows the user to successfully enter their key if they are using adifferent entry method than expected or if the user is injured orotherwise impaired.

Another exemplary password comprises a picture or pattern password asdescribed above. FIG. 21 illustrates a pattern entry device comprising aplurality of keys 2100. A picture or pattern password requires the userto touch the picture in a certain locations according to a predeterminedsequence to create a keyed pattern.

A time interval parameter is added according to the time expended tomake the pattern. Additionally, a force associated with each press, aspeed to complete the pattern, or another factor related to patternentry can alternatively serve as the TDP time component.

Audio and video keys could also have TDP implementation parameters toincrease access security. For an audio key the TDP parameter can bedetermined as the time taken to say a certain word, the volume of theword, an accent, or another characteristic of the spoken word.

As computer systems continue to improve they may be able to predict whenthe user may make a mistake and stop the user before the mistake iscommitted. For software applications they could warn a user that a linkcontains a virus or advises them that their current password is unsafedue to multiple reuses of the same password. The system may also advisea person that their buying habits indicate an unhealthy addiction.

A hardware solution can be implemented for intersection traffic lights.When a traffic signal turns from green to yellow the controlling systemknows the yellow duration before the signal turns red. But the user doesnot know this information.

Thus the driver is in a predicament as they may continue through theintersection and thereby “run” a red light. Predictive securityimplemented in the traffic signaling system allows the system tocommunicate with the car by sending information to the car.

This information can include the duration of the yellow light andadditional information that permits the car to determine a distancebetween the traffic light and the car. Once the car receives theinformation it can determine its speed and the distance from the trafficlight and calculates whether the car can pass through the yellow lightbefore the light turns red.

Alternatively, the information sent to the car can originate from anumber of other sources, including other vehicles, sensors embedded inthe roadway, handheld devices such as cell phones, or the car itselfsensing conditions relevant conditions and parameters.

If the user cannot make it through the light safely the user is notifiedand advised to stop or the system can override the user and stop thecar. For instance, the notifications can be optical, haptic, vibratory,aural, or otherwise. The system may override user control by applyingthe brakes automatically, sounding the horn, maneuvering the car toavoid a collision or otherwise.

This sequence of events is illustrated in FIGS. 22-25.

FIG. 22 illustrates a traffic signal 2200 that sends information to avehicle 2204 traveling along a highway 2206. The information includes atime duration of the yellow signal.

At FIG. 23 the vehicle 2204 receives the information and calculates itsspeed and time to reach the signal 2200.

FIG. 24 illustrates that the vehicle 2204 has stopped short of theintersection and thereby avoided passing through a red signal.

FIG. 25 depicts a physical key embodiment of the present invention. Whena weight 2513 touches a pressure sensor 2514 a timing counter (notshown) for determining a timing interval is activated. The pressuresensor 2514 is activated only when a top surface of the pins 2507-2510are horizontally aligned, as illustrated in FIG. 25. The pins 2507-2510are aligned only when the proper physical key 2505 is inserted into akeyhole 2506.

When the pins 2507-2510 are aligned, a string-like or wire-likecomponent 2512, which is disposed through the top of each pin 2507-2510and through a static component 2511, allows the weight 2513 to reach thepressure sensor 2514. Responsive to a signal from the pressure sensor,an electrical component (not illustrated) notifies the user when thetime interval counter changes. The user can then track or count thenumber of time intervals to be sure he removes the key during thecorrect time interval. In this embodiment the user must know beforehandthe correct time interval for removing the key from the key hole (thatis, ending the secure system act). The notification of time intervalchanges can be in the form of haptic feedback such as by vibrating thekey or lock or by emitting a sound.

Note that the act of inserting the key into the hole aligns the pins2507-2510, tightens the component 2512. A length of the component 2512is selected to ensure the weight 2513 will reach the pressure sensor2514 only when there is no slack in the component 2512. But when thepins 2507-2510 are not aligned the component 2512 does not have a directpath between the pins 2507-2510 and there is insufficient length toallow the weight 2513 to reach the sensor 2514.

Other embodiments employ an electronic-based device for applyingpressure to the sensor 2514 or for directly activating the electronictiming component.

FIG. 26 illustrates the elements associated with a secure systemaccording to one embodiment of the invention. A user begins a securesystem act employing a user input device 2602. A validation unit 2608stores the secure system act and the time interval of the TDP (i.e., thecorrect or expected secure system act and time interval). Acounter/timer 2609 begins counting/incrementing when the secure systemact is begun. When the secure system act ends the counter/timer 2609stops counting and captures the current interval count as the finalinterval count. This value is input to the validation unit 2608. If thesecure system act and the time interval count match the respectivestored information (i.e., the correct secure system act and the correcttime interval), the validation unit 2608 supplies an authenticationsignal to a control unit 2610 for permitting the user to gain access tothe secure system or location 2612.

According to another embodiment unauthorized intruders are “spoofed”into believing that they have accessed or gained entry to the securesystem. That is, the returned content appears to be legitimate but infact is false. Of course in this embodiment a valid user is grantedaccess to a valid site, only those not authenticated are provided withfalse content.

Another embodiment phishing security against Trojan horse attacks. Ascyber war is being waged the most common opening attack is a phishingattack where the perpetrator sends an email that infects or takescontrol of a victim's computer. Phishing security according to thisembodiment allows the user to click any email address within an email.These emails are then opened up in a separate window that runs a smallemulated operating system. Upon closing this window the operating systeminstance is deleted and the would-be victim's computer and informationremain safe.

The general description and the provided detailed descriptions aremerely exemplary and explanatory only and are not restrictive of theinvention, as defined in the appended claims. Other aspects of thepresent invention will be apparent to those skilled in the art in viewof the detailed description of the invention as provided herein.

Many modifications and other implementations or uses of the inventionwill come to the mind of one skilled in the art having the benefit ofthe teachings presented in the foregoing descriptions and the associateddrawings. Therefore, it is understood that the invention is not to belimited to the specific examples disclosed in this application, and thatmodifications and additional implementations are intended to be includedin this patent application.

What is claimed is:
 1. An apparatus for authenticating a user to gainaccess or entry to a secure system or location, the apparatuscomprising: a correct final time interval count associated withexecution of the secure system act, the correct final time intervalcount revealed to or known by the user prior to ending the secure systemact; a counter for determining a final time interval count representinga number of time intervals between an operation that begins the securesystem act and an operation that ends the secure system act; avalidation unit responsive to a key for validating the user as a validuser, the key comprising the secure system act and the final timeinterval count, the validation unit further responsive to a correctsecure system act and the correct final time interval count, thevalidation unit for determining whether the secure system act matchesthe correct secure system act, and for determining whether the finaltime interval count matches the correct final time interval count, andfor producing an authentication signal responsive to a first affirmativeresult of the secure system act matching the correct secure system act,and a second affirmative result of the final time interval countmatching the correct final time interval count; and a control unit forpermitting access to the secure system or location responsive to theauthentication signal.
 2. The apparatus of claim 1 wherein the operationthat begins the secure system act comprises one or more of fullinsertion of a physical key into a keyhole, holding a physical key nearthe keyhole, turning the key within the keyhole, non-nulling of a dataentry field, clicking into an entry field, tabbing into an entry field,placing a finger onto a touch screen, placing a finger onto afingerprint reader, moving a joystick or controller, placing an eye infront of a retina scanner, touching the first number in a PIN entry,making an audible noise, holding a NFC enabled phone, device, card orotherwise within range of a NFC reader, placing a device into acomputer, showing a tattoo to a reader, showing a device within or on aperson within a certain distance from a reader, extracting informationfrom something on or within a person, moving to start a movementpassword, and when a user begins a certain action for a second time. 3.The apparatus of claim 1 wherein the operation that ends the securesystem act comprises one or more of a turning a physical key in orwithdrawing a physical key from a keyhole, making an entry field,resetting the secure system act attempt, clearing the alphanumericpassword entry or clearing any action that is considered a start of asecure system act, clicking out of the entry field, tabbing out of theentry field, pulling a finger away from the touch screen, removing afinger from a fingerprint reader, removing an eye from a retina scanner,touching the last number in a PIN entry, submitting/entering/clicking anicon to enter/submit/deactivate, making a noise (such as saying a wordor speaking), removing an NFC-enabled communications device out of rangeof an NFC reader, removing a device (such as a YubiKey) from a computer,showing a tattoo to a reader, moving out of range from a reader thatreads an article that is within or on a person, taking information fromsomething on or within a person, removing a tattoo from a reader field,or moving out of the reader's range, removing information from somethingon or within a person, moving to start the movement password, completingthe movement/pattern/picture password, hitting a certain number ofcorrect points, saying/clicking/gesturing/or otherwise indicating thatthe attempt is complete, submitting, clicking off, pressing enter,tabbing, deactivating, completing a valid secure system act alone. 4.The apparatus of claim 1 wherein the secure system act comprises one ormore of a entering an alphanumeric password, entering a PIN, tracing ashape on a screen or a keyboard, speaking, providing a physical device,interacting with an interface that records information, and interactingwith an interface receiving input from a user.
 5. The apparatus of claim1 wherein the secure system act comprises a first act input via either amechanical device or an electrically-based sensor and a second act inputvia a mechanical device.
 6. The apparatus of claim 1 wherein the correctfinal time interval count is displayed to the user before or duringexecution of the secure system act.
 7. The apparatus of claim 1 whereinthe final time interval count is measured in seconds or is measured in anumber of time intervals.
 8. The apparatus of claim 1 the time intervalshaving a fixed or a variable duration.
 9. The apparatus of claim 1further comprising a display, wherein if the user gains access or entryto the secure system or location, valid information from the securesystem is presented to the user on the display.
 10. The apparatus ofclaim 1 further comprising a display, wherein if the user is deniedaccess or entry to the secure system or the location, false informationis presented to the user on the display.
 11. The apparatus of claim 1wherein the user selects a secure system act and wherein the final timeinterval count is responsive to a selected secure system act.
 12. Theapparatus of claim 1 further comprising a display, wherein the finaltime interval count and the correct final time interval count aredisplayed to the user as non-numeric images on the display.
 13. Theapparatus of claim 1 wherein the counter is reset whenever the securesystem act is restarted.
 14. The apparatus of claim 1 wherein during thesecure system act portions of the secure system act and a time intervalidentifier for each portion are sent to the validation unit, thevalidation unit for determining whether each portion of the securesystem act matches a corresponding portion of the correct secure systemact, and each time interval identifier is associated with the correctportion of the secure system act.
 15. The apparatus of claim 1 whereinthe secure system act comprises multiple secure system acts.
 16. Theapparatus of claim 1 further comprising a display, wherein each timeinterval comprises a time interval identifier and the time intervalidentifiers or the time intervals are displayed to the user.
 17. Theapparatus of claim 1 wherein the correct final time interval count ischanged to an alternative correct final time interval count, thevalidation unit responsive to the alternative correct final timeinterval count instead of the correct final time interval count.
 18. Theapparatus of claim 1 wherein if the final time interval count does notmatch the correct final time interval count the final time intervalcount is displayed to the user.
 19. The apparatus of claim 1 wherein thecorrect final time interval count comprises a first subinterval and asecond subinterval, and wherein if the secure system act is completedwithin the first subinterval the validation unit determines that thefinal time interval count does not match the correct final time intervalcount.
 20. The apparatus of claim 19 wherein a length of the firstsubinterval is less than one second.